Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
APT28 is a cyber-espionage threat group associated with targeted attacks against governments, political organizations, and critical infrastructure.
Search across headline titles and summaries.
Background for this topic.
APT28 is a cyber espionage group linked to Russian military intelligence, known for targeting government, military, and security organizations mainly in Europe and North America. They use custom malware, spear-phishing emails, and occasionally zero-day exploits to infiltrate networks and maintain long-term access for intelligence gathering and influence operations.
Security teams should focus on detecting APT28’s use of specialized backdoors and credential theft tools that enable stealthy lateral movement. Monitoring for targeted spear-phishing campaigns and unusual outbound connections can reveal early compromise signs. Because APT28 sometimes exploits unpatched vulnerabilities, prompt patching and integrating threat intelligence about their tactics are key to limiting exposure and preventing sensitive data loss or operational disruption.
Weekly headline count for the current query.
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
"Fancy Bear" relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration.
The mission is to gather information that could help Russia in its war against Ukraine.
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation, tempting them with a purported good deal on a Audi Q7 Quattro SUV.
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.
The feds disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code.
The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.
The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.
The nation-stage threat group deployed custom malware on archaic versions of Cisco's router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.